Abstract
Radio Frequency Identification (RFID) has been widely adopted for object identification. An RFID system comprises three essential components, namely RFID tags, readers and a backend server. Conventionally, the system is considered to be controlled by a single party who maintains all the secret information. However, in some practical scenarios, RFID tags, readers and servers could be operated by different parties. Although the private information should not be shared, the system should allow a valid tag to be authenticated by a legal reader. The challenge in designing the system is preserving the tag and reader’s privacy. In this paper, we propose a novel concept of authorized RFID authentication. The proposed protocols allow the tag to be merely identifiable by an authorized reader and the server cannot reveal the tag during the reader-server interaction. We provide a formal definition of privacy and security models of authorized authentication protocols under the strong and weak notions and propose three provably secure protocols.
This work is supported by the Australian Research Council Discovery Project DP110101951.
Notes
1. The full version of the paper can be requested from the authors.
References
Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 143. Springer, Heidelberg (2001)
Batina, L., Seys, S., Singelée, D., Verbauwhede, I.: Hierarchical ECC-based RFID authentication protocol. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 183–201. Springer, Heidelberg (2012)
Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)
Bringer, J., Chabanne, H., Icart, T.: Cryptanalysis of EC-RAC, a RFID identification protocol. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 149–161. Springer, Heidelberg (2008)
Burmester, M., Le, T.V., de Medeiros, B., Tsudik, G.: Universally composable RFID identification and authentication protocols. ACM Trans. Inf. Syst. Secur. 12(4), 1–33 (2009)
Canard, S., Coisel, I., Etrog, J., Girault, M.: Privacy-preserving RFID systems: model and constructions. IACR Cryptology ePrint Archive 2010, 405 (2010)
Deng, R.H., Li, Y., Yung, M., Zhao, Y.: A new framework for RFID privacy. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 1–18. Springer, Heidelberg (2010)
van Deursen, T., Radomirović, S.: Untraceable RFID protocols are not trivially composable: attacks on the revision of EC-RAC. IACR Cryptology ePrint Archive 2009, 332 (2009)
van Deursen, T., Radomirović, S.: EC-RAC: enriching a capacious RFID attack collection. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 75–90. Springer, Heidelberg (2010)
Fan, J., Hermans, J., Vercauteren, F.: On the claimed privacy of EC-RAC III. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 66–74. Springer, Heidelberg (2010)
Hein, D., Wolkerstorfer, J., Felber, N.: ECC is ready for RFID – a proof in silicon. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 401–413. Springer, Heidelberg (2009)
Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011)
Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 52. Springer, Heidelberg (2001)
Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: PerCom Workshops, pp. 342–347. IEEE Computer Society (2007)
Lee, Y.K., Batina, L., Verbauwhede, I.: EC-RAC (ECDLP based randomized access control): Provably secure RFID authentication protocol. In: 2008 IEEE International Conference on RFID, pp. 97–104 (2008)
Lee, Y.K., Batina, L., Verbauwhede, I.: Untraceable RFID authentication protocols: Revision of EC-RAC. In: 2009 IEEE International Conference on RFID, pp. 178–185 (2009)
Lee, Y.K., Batina, L., Singelée, D., Verbauwhede, I.: Wide–weak privacy–preserving RFID authentication protocols. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 254–267. Springer, Heidelberg (2010)
Lee, Y.K., Sakiyama, K., Batina, L., Verbauwhede, I.: Elliptic-curve-based security processor for RFID. IEEE Trans. Computers 57(11), 1514–1527 (2008)
Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 251–266. Springer, Heidelberg (2008)
Nithyanand, R., Tsudik, G., Uzun, E.: Readers behaving badly. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 19–36. Springer, Heidelberg (2010)
Nithyanand, R., Tsudik, G., Uzun, E.: User-aided reader revocation in PKI-based RFID systems. J. Comput. Secur. 19(6), 1147–1172 (2011)
Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Gligor, V.D., Hubaux, J.P., Poovendran, R. (eds.) WISEC, pp. 140–147. ACM (2008)
Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: PerCom Workshops, pp. 640–643. IEEE Computer Society (2006)
Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
A Complexity Assumptions
Definition 7
(Oracle Diffie-Hellman Assumption [1]). Given \(g^a,g^b\), a function \(H:\{0,1\}^*\rightarrow \{0,1\}^{l}\) and an oracle \(\mathcal {O}=H(X^b)\), where \(X\ne {g^a}\), the advantage of an adversary \(\mathcal {A}\) in violating the ODH assumption is
where \(t\in \{0,1\}^l\). We say that the ODH assumption holds if \(Adv^{odh}_{\mathcal {A},H}\) is negligible.
Definition 8
(EDBDH Assumption). Let \((g,p,\mathbb {G},\mathbb {G}_T)\) be a pairing group. Given \((g,g^a,g^b,g^c,g^t)\), the Extended Decisional Bilinear Diffie-Hellman problem is to determine whether \(g^t=g^{abc}\). We say that the EDBDH assumption holds, if no PPT algorithm \(\mathcal {A}\) can solve the problem with non-negligible advantage.
Definition 9
(V-\(l\)-wDBDHI Assumption). Let \((g,h,p,\mathbb {G},\mathbb {G}_T)\) be a pairing group. Given \((g,h,g^{a},g^{a^2},\cdots ,g^{a^l},h^{a},h^{a^2},\cdots ,h^{a^l},g^t)\), the Variant \(l\)-weak Decisional Bilinear Diffie-Hellman Inversion problem is to determine whether \(g^t=g^{a^{2l+1}}\). We say that the V-\(l\)-wDBDHI assumption holds, if no PPT algorithm \(\mathcal {A}\) can solve the problem with non-negligible advantage.
Definition 10
(\(k+1\)-Exponent Assumption). Given \((g,g^{a},g^{a^2},\cdots ,g^{a^k})\), the \(k+1\)-Exponent problem is to compute \(g^{a^{k+1}}\). We say that the \(k+1\)-Exponent assumption holds, if no PPT algorithm \(\mathcal {A}\) can solve the problem with non-negligible advantage.
We show that the security of the EDBDH assumption is related to the security of the Decisional Bilinear Diffie-Hellman (DBDH) assumption.
Lemma 1
The EDBDH assumption holds if the DBDH assumption holds.
Proof
Suppose that there is a PPT algorithm \(\mathcal {A}\) that can break the EDBDH assumption. Given an instance \((g,g^a,g^b,g^c,g^t)\), \(\mathcal {A}\) can output whether \(g^t=g^{abc}\) in polynomial time with non-negligible advantage. This implies that \(\mathcal {A}\) decides whether \(\hat{e}(g,g^t)=\hat{e}(g,g^{abc})\), which is a solution of the DBDH problem. Therefore, if the DBDH problem is intractable, then the EDBDH assumption holds. \(\Box \)
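The pairing equality used in the proof, written out as an added derivation (not part of the original paper). It assumes that \(\hat{e}:\mathbb {G}\times \mathbb {G}\rightarrow \mathbb {G}_T\) is a non-degenerate bilinear map and that \(g\) generates \(\mathbb {G}\) of prime order \(p\):

\[
\hat{e}(g,g^t)=\hat{e}(g,g)^{t},\qquad \hat{e}(g,g^{abc})=\hat{e}(g,g)^{abc}=\hat{e}(g^a,g^b)^{c},
\]
\[
\hat{e}(g,g^t)=\hat{e}(g,g^{abc})\;\Longleftrightarrow \;t\equiv abc \pmod p\;\Longleftrightarrow \;g^t=g^{abc}.
\]

The middle equivalence holds because non-degeneracy makes \(\hat{e}(g,g)\) an element of order \(p\) in \(\mathbb {G}_T\), so its powers agree exactly when the exponents agree modulo \(p\). The value \(\hat{e}(g^a,g^b)^{c}\) is the target element of a DBDH instance built from the same \((g,g^a,g^b,g^c)\).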
In terms of V-\(l\)-wDBDHI, a solution of the V-\(l\)-wDBDHI problem also implies that the algorithm \(\mathcal {A}\) can decide whether
Since the V-\(l\)-wDBDHI problem is modified from the \(l\)-wDBDHI problem, its security can be bounded by using a similar strategy in the generic group model.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Li, N., Mu, Y., Susilo, W., Guo, F., Varadharajan, V. (2014). Privacy-Preserving Authorized RFID Authentication Protocols. In: Saxena, N., Sadeghi, AR. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2015. Lecture Notes in Computer Science, vol 8651. Springer, Cham. https://doi.org/10.1007/978-3-319-13066-8_7
DOI: https://doi.org/10.1007/978-3-319-13066-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13065-1
Online ISBN: 978-3-319-13066-8
eBook Packages: Computer Science, Computer Science (R0)